Known Vulnerabilities for products from Qnap
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Qnap".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Qnap can be found at device.report : Qnap
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-22898 json | A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can th... | Not Provided | 2026-03-20 | 2026-04-14 |
| CVE-2026-22895 json | A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administr... | Not Provided | 2026-03-20 | 2026-04-10 |
| CVE-2025-62846 json | An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they ca... | Not Provided | 2026-03-20 | 2026-04-14 |
| CVE-2025-62845 json | An improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. If a local ... | Not Provided | 2026-03-20 | 2026-04-14 |
| CVE-2025-62844 json | A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can th... | Not Provided | 2026-03-20 | 2026-04-14 |
| CVE-2025-62843 json | An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an... | Not Provided | 2026-03-20 | 2026-04-14 |
| CVE-2025-59383 json | A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the... | Not Provided | 2026-03-20 | 2026-04-14 |
| CVE-2024-21901 json | 4.7 - MEDIUM | 2024-03-08 | 2024-03-13 | |
| CVE-2024-21900 json | 6.5 - MEDIUM | 2024-03-08 | 2024-03-13 | |
| CVE-2024-21899 json | 9.8 - CRITICAL | 2024-03-08 | 2024-03-13 | |
| CVE-2023-41285 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-11-10 | 2023-11-16 |
| CVE-2023-41284 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-11-10 | 2023-11-16 |
| CVE-2023-39301 json | A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exp... | 4.3 - MEDIUM | 2023-11-03 | 2023-11-14 |
| CVE-2023-39299 json | A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users t... | 7.5 - HIGH | 2023-11-03 | 2023-11-14 |
| CVE-2023-39295 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-11-10 | 2023-11-16 |
| CVE-2023-34977 json | A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could a... | 5.4 - MEDIUM | 2023-10-13 | 2023-10-14 |
| CVE-2023-34976 json | A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenti... | 8.8 - HIGH | 2023-10-13 | 2023-10-18 |
| CVE-2023-34975 json | A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenti... | 8.8 - HIGH | 2023-10-13 | 2024-03-08 |
| CVE-2023-34973 json | An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability pos... | 5.3 - MEDIUM | 2023-08-24 | 2023-08-31 |
| CVE-2023-34972 json | A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploi... | 6.5 - MEDIUM | 2023-08-24 | 2023-08-31 |
Known software with vulnerabilities from Qnap
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Qnap | Helpdesk | 1.0.06 |
| Application | Qnap | Iartist Lite | 1.4.53.1 |
| Application | Qnap | Multimedia Console | 1.0.0 |
| Application | Qnap | Music Station | 4.8.0 |
| Application | Qnap | Myqnapcloud | 1.3.3.0925 |
| Application | Qnap | Nas Proxy Server | 1.3.0 |
| Application | Qnap | Netbak Replicator | 4.5.11.816 |
| Application | Qnap | Photo Station | 5.2.0 |
| Application | Qnap | Qes | 1.1.4 |
| Application | Qnap | Qfinder Pro | 6.1.0.0317 |
| Application | Qnap | Qsync | 4.2.2.0724 |
| Operating System | Qnap | Qts | - |
| Application | Qnap | Qts | 4.3.3.0174 |
| Application | Qnap | Qts Helpdesk | 1.1.12 |
| Application | Qnap | Quts Hero | h4.5.0 |
| Application | Qnap | Qcenter | 1.1.15 |
| Application | Qnap | Signage Station | 2.0 |
| Hardware | Qnap | Ss-839 | - |
| Operating System | Qnap | Ss-839 Firmware | 4.0.7 |
| Application | Qnap | Surveillance Station | 5.0.3 |